CVE-2025-15432
Path Traversal in yeqifu carRental FileController Allows Remote Access
Publication date: 2026-01-02
Last updated on: 2026-02-23
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yeqifu | carrental | up to 3fabb7eae93d209426638863980301d6f99866b3 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15432 is a path traversal vulnerability in the yeqifu carRental application, specifically in the downloadShowFile function of the FileController component. The vulnerability occurs because the application does not properly validate or sanitize the 'path' parameter, allowing attackers to manipulate it to traverse directories outside the intended folder. This enables unauthorized access to arbitrary files on the server. The vulnerability can be exploited remotely without any authentication, making it highly accessible to attackers. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to access and download arbitrary files from the server, potentially exposing sensitive or confidential information. Since no authentication is required, attackers can remotely exploit this flaw easily. The exposure of unauthorized files can lead to information disclosure, which may further facilitate additional attacks depending on the files accessed. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the downloadShowFile endpoint for the path traversal flaw. For example, sending a POST request to `/file/downloadShowFile.action` with a `path` parameter containing traversal sequences such as `../` reveals whether files outside the intended directory can be read; a proof of concept sends `path=../flag.txt` to check whether such files are accessible. Network monitoring tools can look for requests to the downloadShowFile.action endpoint whose `path` parameter contains `../`. Example command using curl: `curl -X POST 'http://<target>/file/downloadShowFile.action' -d 'path=../etc/passwd'`, which tests whether the server returns the contents of the passwd file. [3]
What immediate steps should I take to mitigate this vulnerability?
Currently, no official patch or mitigation is available as the project has not responded to the issue. Immediate steps include restricting access to the vulnerable endpoint, implementing network-level controls such as firewall rules to block suspicious requests containing path traversal sequences, and monitoring logs for exploitation attempts. Consider replacing the affected component or application with an alternative product that does not have this vulnerability. Additionally, avoid exposing the vulnerable service to untrusted networks until a fix is available. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows unauthorized remote attackers to access and download arbitrary files from the server due to path traversal and lack of authorization checks. Such unauthorized disclosure of sensitive or personal data can lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding confidentiality and integrity of personal and sensitive information. Therefore, exploitation of this vulnerability could result in violations of these standards by exposing protected data without consent or proper controls. [1, 3]
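As an added example (not code from this advisory or from the carRental project), the block below implements the two defensive checks the detection and mitigation answers describe: a monitoring rule that flags requests to the affected endpoint whose `path` parameter holds a `..` segment (including percent-encoded and backslash variants), and a path-containment check of the kind a fix for CWE-22 needs. The endpoint and parameter name come from the advisory; the download directory `/srv/carrental/files` and the sample requests are constructed assumptions.

```python
import posixpath
import re
from pathlib import PurePosixPath
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter name come from the advisory; all else is constructed.
VULN_ENDPOINT = "/file/downloadShowFile.action"
DOT_DOT_SEGMENT = re.compile(r"(^|/)\.\.(/|$)")

def normalise(value, rounds=3):
    """Percent-decode repeatedly (catches %2e%2e%2f and double encoding),
    then fold backslashes to '/' so one pattern covers both separators."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def is_traversal_attempt(target, body=""):
    """Detection rule: request to the vulnerable endpoint whose 'path'
    parameter (query string or form body) holds a '..' segment."""
    parts = urlsplit(target)
    if parts.path != VULN_ENDPOINT:
        return False
    values = parse_qs(parts.query).get("path", []) + parse_qs(body).get("path", [])
    return any(DOT_DOT_SEGMENT.search(normalise(v)) for v in values)

def resolve_under(base_dir, user_path):
    """Hardened counterpart to the flaw: anchor the user path under the download
    directory, normalise it lexically, and refuse anything not strictly inside.
    Production code should also canonicalise via realpath to defeat symlinks."""
    base = PurePosixPath(base_dir)
    candidate = base / normalise(user_path).lstrip("/")
    resolved = PurePosixPath(posixpath.normpath(str(candidate)))
    return str(resolved) if base in resolved.parents else None

# Constructed sample requests (method, target, form body), not a real capture.
SAMPLE_REQUESTS = [
    ("POST", VULN_ENDPOINT, "path=report.pdf"),
    ("POST", VULN_ENDPOINT, "path=../flag.txt"),
    ("POST", VULN_ENDPOINT, "path=%252e%252e%252fetc%252fpasswd"),  # double-encoded
    ("GET", VULN_ENDPOINT + "?path=..%5cWEB-INF%5cweb.xml", ""),
    ("POST", "/login.action", "username=..%2f..%2f"),  # different endpoint
]

def flagged(requests=SAMPLE_REQUESTS):
    """Return the request records the detection rule flags."""
    return [r for r in requests if is_traversal_attempt(r[1], r[2])]
```

Access logs normally omit POST bodies, so the rule needs a reverse-proxy or WAF log that records form parameters to see the `path` value the advisory's proof of concept sends.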